There are "discussion" pages (also known as "talk" pages) associated with every article at OWASP. You can leave questions, comments, or ideas on these pages for other authors to review. These pages are a good place to propose ideas or discuss possible approaches to problems. You should "sign" your comments by adding four tilde characters (<nowiki>~~~~</nowiki>) after your comment. Use section headings for different topic areas. Thanks!

+

There are "discussion" pages (also known as "talk" pages) associated with every article at OWASP. You can leave questions, comments, or ideas on these pages for other authors to review. These pages are a good place to propose ideas or discuss possible approaches to problems. You should "sign" your comments by adding four tilde characters (<nowiki>~~~~</nowiki>) after your comment. Thanks!

−

==Comment==

+

==Visual WebGui?==

+

+

Hi my is Nigel and I am new to OWASP, I am researching Gizmox's Webgui framework and their claim that it is very secure, has any projects been started on this framework or does anyone have any expirence ?

Hi My name is Deepak Gupta. I am facing cross site scripting threat on my websites. Hackers are able to inject CSS code on my site which have static HTML Pages only. How can I check the root cause this vulnerabilty. How I can see if my server is compromised or not for this kind of attack.

+

+

+

==Application Security Students==

+

+

I am Yogesh - student, I heard about OWASP's & intrested to go into application info security.As it is a vast field of expertize. Tell me how a studend with specialized MBA-IT background can fit in.

+

+

The best way to learn application security is by doing it. Check

+

out the [[OWASP student projects]] for some ideas. It's a great way

+

to learn. [[User:OWASP|OWASP]] 22:20, 22 July 2006 (EDT)

+

+

+

What basic knowledge should I have before choosing "Threat Risk modeling" as my career. (Looking for detailed feedback ) Thank you

information you need. You should also read about the process of threat modeling.

+

There are a few books on the subject, including "Threat Modeling" and

+

"Secure Development Lifecycle" from the Microsoft Press. Note - it's not yet

+

clear whether "Threat Risk modeling" is actually a career yet. There are clear

+

careers as an "application security architect" and "application security tester"

+

(including cod review).

+

+

==Java Application Security==

+

+

What are the specific thing which we need to keep in mind while programming in JAVA to make our code secure to all types of attack (--[[User:Rajnishk7|Rajnishk7]] 02:46, 24 June 2006 (EDT))

+

+

Check out the [[:Category:OWASP Java Project|OWASP Java Project]]

+

for lots of information on this topic. [[User:OWASP|OWASP]] 22:20, 22 July 2006 (EDT)

+

+

== webmaster: security warning ==

+

+

I'm getting a "security warning" when navigating to most pages. Can this be fixed globally?

+

+

"This page contains both secure and non-secure items. Do you wish to display the non-secure items?"

+

+

This is visible on Chrome by ctrl-shift-I to list the insecure pages.

+

+

Fixing the youtube url to HTTPS on the main page would fix one of these warnings.

+

+

== application security ==

+

+

i want to know which would be the injection if the application is SAP basis

+

and what would be the recent vulnerabilities regarding this application in general?

−

== Secure Zone ==

+

Thanks

+

Bindiya

−

What are the specific thing which we need to keep in mind while programming in JAVA to make our code secure to all types of attack

+

Reply me at bindiya.aries@gmail.com

−

(--[[User:Rajnishk7|Rajnishk7]] 02:46, 24 June 2006 (EDT))

+
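Review bot: the comment in the "application security" section is unsigned and leaves a personal e-mail address in the page text ("Reply me at bindiya.aries@gmail.com"). The page's own header asks contributors to sign with four tildes, so the comment should be signed that way and the address dropped, with replies kept on the talk page under the relevant section heading.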

Latest revision as of 08:42, 30 July 2012

There are "discussion" pages (also known as "talk" pages) associated with every article at OWASP. You can leave questions, comments, or ideas on these pages for other authors to review. These pages are a good place to propose ideas or discuss possible approaches to problems. You should "sign" your comments by adding four tilde characters (~~~~) after your comment. Thanks!

Visual WebGui?

Hi, my name is Nigel and I am new to OWASP. I am researching Gizmox's Webgui framework and their claim that it is very secure. Have any projects been started on this framework, or does anyone have any experience?

OWASP in Latin America?

Hi, my name is Katia Guzman, and I am interested in knowing experiences in OWASP's use in Latin America. If someone knows about some case, I will be grateful for it.

Please check out the Local Chapters
in Latin America and contact the folks running them. OWASP 22:20, 22 July 2006 (EDT)

Application Security Issue

Hi, my name is Deepak Gupta. I am facing a cross-site scripting threat on my websites. Hackers are able to inject CSS code on my site, which has static HTML pages only. How can I check the root cause of this vulnerability? How can I see if my server is compromised or not for this kind of attack?

Application Security Students

I am Yogesh, a student. I heard about OWASP and am interested in going into application info security, as it is a vast field of expertise. Tell me how a student with a specialized MBA-IT background can fit in.

The best way to learn application security is by doing it. Check
out the OWASP student projects for some ideas. It's a great way
to learn. OWASP 22:20, 22 July 2006 (EDT)

What basic knowledge should I have before choosing "Threat Risk modeling" as my career? (Looking for detailed feedback.) Thank you

You need a basic knowledge of application security principles,
threats, attacks, vulnerabilities, and countermeasures. Check the
OWASP Honeycomb Project for the basic
information you need. You should also read about the process of threat modeling.
There are a few books on the subject, including "Threat Modeling" and
"Secure Development Lifecycle" from the Microsoft Press. Note - it's not yet
clear whether "Threat Risk modeling" is actually a career yet. There are clear
careers as an "application security architect" and "application security tester"
(including code review).

Java Application Security

What are the specific things which we need to keep in mind while programming in Java to make our code secure against all types of attack? (--Rajnishk7 02:46, 24 June 2006 (EDT))